Channels
#kolide
Title
# kolide
d
defensivedepth
10/19/2020, 8:44 PMWindows Server 2019, Launcher + autoupdate stable. Trying to enroll in Fleet, seeing the folllowing:
caller=level.go:63 level=info caller=extension.go:136 msg="extension interrupted" err="enrolling host: query enrollment details, (even with retries): done trying: query enrollment details: could not query the extension manager client: write field stop error: The pipe is being closed."j
Jason Green
10/21/2020, 7:45 PMStarted getting this, figure it out yet?
d
defensivedepth
10/21/2020, 9:01 PMNot yet - is yours from a fresh install? Stock Launcher / Fleet?
j
Jason Green
10/21/2020, 9:06 PMMine is from so-launcher in SO 2.3.0, same msi worked on other hosts.
d
defensivedepth
10/22/2020, 12:06 PM@seph Have you seen this before?
s
seph
10/22/2020, 12:09 PM
no, I don’t think I’ve seen that
I think that’s laucher saying it can’t talk to osquery. More logs might help. Are you running this in the foreground? It’s easier to get debug logs.
Or… A new launcher flag is
debug_log_filej
Jason Green
10/22/2020, 6:31 PMHere's a pastebin with debug on: https://pastebin.com/b3DQ9xdU
Could it be a problem with osquery-extension.exe not properly launching or connecting to the named pipe?
@seph I posted some debug logs, does that give you any more clues?
d
defensivedepth
05/04/2021, 11:16 AMSeeing this error again... Seems to be very intermittent
m
MarkMurdock
05/24/2021, 9:18 PMI am also seeing this error on some Server 2019 VMs. Anyone figure out what was going on?
d
defensivedepth
05/24/2021, 11:35 PM@MarkMurdock Is that with Security Onion?
m
MarkMurdock
05/25/2021, 12:25 AMNo in my case it's FleetDM on Ubuntu 20.04
And Server 2019 with Launcher + autoupdate
s
seph
05/25/2021, 1:56 AM
The error quote here just says launcher couldn’t talk to osquery. But it doesn’t say anything about why. Gotta dig through the prior logs to see what the error might be